A draft of your privacy policy must be made available for our review and approval before we can confirm your company's participation in BBB EU SAFE HARBOR. The privacy policy must comply both with our program requirements and with the requirements of the Department of Commerce (DOC) for participants in the US-EU Safe Harbor, and if applicable, the US-Swiss Safe Harbor.

An important note regarding the US-Swiss Safe Harbor Framework: The Department of Commerce provides a single online form for organizations to self-certify compliance with the US-EU Safe Harbor Framework and/or the US-Swiss Safe Harbor Framework. An organization may self-certify to one or both of the Safe Harbor Frameworks when completing this form. Organizations should note that when they select “Switzerland” as a country from which they receive personal data (i.e. whether they specifically tick the box corresponding to “Switzerland” or use the “All” function), they are self-certifying compliance with the US-Swiss Safe Harbor Framework. In that case, the organization’s privacy policy should contain language indicating that it adheres to both Frameworks, as explained below.

Please take the following steps to ensure that your policy meets all applicable requirements:

1) Include an affirmative commitment to adhere to the Safe Harbor privacy principles and the 15 FAQs that make up the Safe Harbor Framework(s). Included below for your reference are concise examples of Safe Harbor-compliant "affirmative statements":

Where self-certifying to both the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework:

(your company name) complies with the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. (your company name) has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification page, please visit http://www.export.gov/safeharbor/

Where self-certifying to the US-EU Safe Harbor Framework only:

(your company name) complies with the US-EU Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. (your company name) has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification page, please visit http://www.export.gov/safeharbor/

2) Make your policy "publicly available."

Your company’s privacy policy must be posted on the company Web site or be publicly available on request. Note: Do not make your Safe Harbor-compliant policy live on the Web until after your self-certification with the DOC has been approved.

3) Identify BBB EU SAFE HARBOR as your independent recourse mechanism for Safe Harbor privacy complaints, and provide a link to our online complaint handling system for use by European Union and Swiss consumers. You must also provide contact information for your company’s internal complaints mechanism. The following language is acceptable for this purpose:

Where self-certifying to both the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework:

In compliance with the US-EU and US-Swiss Safe Harbor Principles, (your company name) commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact (your company name) at:

(Add name and address of your company's internal complaints mechanism)

(Your company name) has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by (your business name), please visit the BBB EU SAFE HARBOR web site at www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Where self-certifying to the US-EU Safe Harbor Framework only:

In compliance with the US-EU Safe Harbor Principles, (your company name) commits to resolve complaints about your privacy and our collection or use of your personal information. European Union citizens with inquiries or complaints regarding this privacy policy should first contact (your company name) at:

(Add name and address of your company's internal complaints mechanism)

(Your company name) has further committed to refer unresolved privacy complaints under the US-EU Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by (your business name), please visit the BBB EU SAFE HARBOR web site at www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.